Open mend-for-github-com[bot] opened 3 years ago
A markdown parser built for speed
Library home page: https://cdnjs.cloudflare.com/ajax/libs/marked/0.3.19/marked.js
Path to dependency file: /node_modules/marksy/node_modules/marked/www/demo.html
Path to vulnerable library: /node_modules/marksy/node_modules/marked/www/../lib/marked.js
Dependency Hierarchy: - :x: **marked-0.3.19.js** (Vulnerable Library)
Found in HEAD commit: aeab869031be23faba5c5de38e09f27a58e99471
Found in base branch: master
Versions 0.3.7 and earlier of marked suuport unescaping of only lowercase, which may lead to XSS.
Publish Date: 2017-12-23
URL: WS-2019-0026
Base Score Metrics: - Exploitability Metrics: - Attack Vector: Network - Attack Complexity: Low - Privileges Required: None - User Interaction: Required - Scope: Changed - Impact Metrics: - Confidentiality Impact: Low - Integrity Impact: Low - Availability Impact: None
Type: Upgrade version
Release Date: 2017-12-23
Fix Resolution: 0.3.9
WS-2019-0026 - Medium Severity Vulnerability
A markdown parser built for speed
Library home page: https://cdnjs.cloudflare.com/ajax/libs/marked/0.3.19/marked.js
Path to dependency file: /node_modules/marksy/node_modules/marked/www/demo.html
Path to vulnerable library: /node_modules/marksy/node_modules/marked/www/../lib/marked.js
Dependency Hierarchy: - :x: **marked-0.3.19.js** (Vulnerable Library)
Found in HEAD commit: aeab869031be23faba5c5de38e09f27a58e99471
Found in base branch: master
Versions 0.3.7 and earlier of marked suuport unescaping of only lowercase, which may lead to XSS.
Publish Date: 2017-12-23
URL: WS-2019-0026
Base Score Metrics: - Exploitability Metrics: - Attack Vector: Network - Attack Complexity: Low - Privileges Required: None - User Interaction: Required - Scope: Changed - Impact Metrics: - Confidentiality Impact: Low - Integrity Impact: Low - Availability Impact: None
For more information on CVSS3 Scores, click here.Type: Upgrade version
Release Date: 2017-12-23
Fix Resolution: 0.3.9